[bug#28387] [PATCH] gnu: tcpdump: Update to 4.9.2 [security fixes].

[bug#28387] [PATCH] gnu: tcpdump: Update to 4.9.2 [security fixes].

[Leo Famulari]

Fixes CVE-2017-{12893,12894,12895,12896,12897,12898,12899,12900,12901,12902,
12985,12986,12987,12988,12989,12990,12991,12992,12993,12994,12995,12996,12997,
12998,12999,13000,13001,13002,13003,13004,13005,13006,13007,13008,13009,13010,
13012,13013,13014,13015,13016,13017,13018,13019,13020,13021,13022,13023,13024,
13025,13026,13027,13028,13029,13030,13031,13032,13033,13034,13035,13036,13037,
13038,13039,13040,13041,13042,13043,13044,13045,13046,13047,13048,13049,13050,
13051,13052,13053,13054,13055,13687,13688,13689,13690,13725}.

* gnu/packages/admin.scm (tcpdump): Update to 4.9.2.
[source]: Remove patches.
* gnu/packages/patches/tcpdump-CVE-2017-11541.patch,
gnu/packages/patches/tcpdump-CVE-2017-11542.patch,
gnu/packages/patches/tcpdump-CVE-2017-11543.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
 gnu/local.mk                                      |  3 -
 gnu/packages/admin.scm                            |  7 +-
 gnu/packages/patches/tcpdump-CVE-2017-11541.patch | 47 --------------
 gnu/packages/patches/tcpdump-CVE-2017-11542.patch | 37 -----------
 gnu/packages/patches/tcpdump-CVE-2017-11543.patch | 79 -----------------------
 5 files changed, 2 insertions(+), 171 deletions(-)
 delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11541.patch
 delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11542.patch
 delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11543.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 9df17110b..2f8551076 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1034,9 +1034,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/tar-skip-unreliable-tests.patch		\
   %D%/packages/patches/tcl-mkindex-deterministic.patch		\
   %D%/packages/patches/tclxml-3.2-install.patch			\
-  %D%/packages/patches/tcpdump-CVE-2017-11541.patch		\
-  %D%/packages/patches/tcpdump-CVE-2017-11542.patch		\
-  %D%/packages/patches/tcpdump-CVE-2017-11543.patch		\
   %D%/packages/patches/tcsh-fix-autotest.patch			\
   %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch	\
   %D%/packages/patches/teensy-loader-cli-help.patch		\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index f047bcaef..e6d5afe76 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -661,17 +661,14 @@ network statistics collection, security monitoring, network debugging, etc.")
 (define-public tcpdump
   (package
     (name "tcpdump")
-    (version "4.9.1")
+    (version "4.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.tcpdump.org/release/tcpdump-"
                                   version ".tar.gz"))
-              (patches (search-patches "tcpdump-CVE-2017-11541.patch"
-                                       "tcpdump-CVE-2017-11542.patch"
-                                       "tcpdump-CVE-2017-11543.patch"))
               (sha256
                (base32
-                "1wyqbg7bkmgqyslf1ns0xx9fcqi66hvcfm9nf77rl15jvvs8qi7r"))))
+                "0ygy0layzqaj838r5xd613iraz09wlfgpyh7pc6cwclql8v3b2vr"))))
     (build-system gnu-build-system)
     (inputs `(("libpcap" ,libpcap)
               ("openssl" ,openssl)))
diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch b/gnu/packages/patches/tcpdump-CVE-2017-11541.patch
deleted file mode 100644
index a9fc632dc..000000000
--- a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Fix CVE-2017-11541
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
-
-Patch copied from upstream source repository:
-
-https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
-
-From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Tue, 7 Feb 2017 11:40:36 -0800
-Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before
- checking for a NUL terminator.
-
-safeputs() doesn't do packet bounds checking of its own; it assumes that
-the caller has checked the availability in the packet data of all maxlen
-bytes of data.  This means we should check that we're within the
-specified limit before looking at the byte.
-
-This fixes a buffer over-read discovered by Kamil Frankowicz.
-
-Add a test using the capture file supplied by the reporter(s).
----
- tests/TESTLIST            |   1 +
- tests/hoobr_safeputs.out  |   2 ++
- tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes
- util-print.c              |   2 +-
- 4 files changed, 4 insertions(+), 1 deletion(-)
- create mode 100644 tests/hoobr_safeputs.out
- create mode 100644 tests/hoobr_safeputs.pcap
-
-diff --git a/util-print.c b/util-print.c
-index 394e7d59..ec3e8de8 100644
---- a/util-print.c
-+++ b/util-print.c
-@@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo,
- {
- 	u_int idx = 0;
- 
--	while (*s && idx < maxlen) {
-+	while (idx < maxlen && *s) {
- 		safeputchar(ndo, *s);
- 		idx++;
- 		s++;
--- 
-2.14.1
-
diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch b/gnu/packages/patches/tcpdump-CVE-2017-11542.patch
deleted file mode 100644
index 24849d518..000000000
--- a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2017-11542:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542
-
-Patch copied from upstream source repository:
-
-https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
-
-From bed48062a64fca524156d7684af19f5b4a116fae Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Tue, 7 Feb 2017 11:10:04 -0800
-Subject: [PATCH] CVE-2017-11542/PIMv1: Add a bounds check.
-
-This fixes a buffer over-read discovered by Kamil Frankowicz.
-
-Add a test using the capture file supplied by the reporter(s).
----
- print-pim.c            |   1 +
- tests/TESTLIST         |   1 +
- tests/hoobr_pimv1.out  |  25 +++++++++++++++++++++++++
- tests/hoobr_pimv1.pcap | Bin 0 -> 3321 bytes
- 4 files changed, 27 insertions(+)
- create mode 100644 tests/hoobr_pimv1.out
- create mode 100644 tests/hoobr_pimv1.pcap
-
-diff --git a/print-pim.c b/print-pim.c
-index 25525953..ed880ae7 100644
---- a/print-pim.c
-+++ b/print-pim.c
-@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo,
- 			pimv1_join_prune_print(ndo, &bp[8], len - 8);
- 		break;
- 	}
-+	ND_TCHECK(bp[4]);
- 	if ((bp[4] >> 4) != 1)
- 		ND_PRINT((ndo, " [v%d]", bp[4] >> 4));
- 	return;
diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch b/gnu/packages/patches/tcpdump-CVE-2017-11543.patch
deleted file mode 100644
index c97350398..000000000
--- a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-Fix CVE-2017-11543:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543
-
-Patch copied from upstream source repository:
-
-https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3
-
-From 7039327875525278d17edee59720e29a3e76b7b3 Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Fri, 17 Mar 2017 12:49:04 -0700
-Subject: [PATCH] CVE-2017-11543/Make sure the SLIP direction octet is valid.
-
-Report if it's not, and don't use it as an out-of-bounds index into an
-array.
-
-This fixes a buffer overflow discovered by Wilfried Kirsch.
-
-Add a test using the capture file supplied by the reporter(s), modified
-so the capture file won't be rejected as an invalid capture.
----
- print-sl.c                    |  25 +++++++++++++++++++++++--
- tests/TESTLIST                |   3 +++
- tests/slip-bad-direction.out  |   1 +
- tests/slip-bad-direction.pcap | Bin 0 -> 79 bytes
- 4 files changed, 27 insertions(+), 2 deletions(-)
- create mode 100644 tests/slip-bad-direction.out
- create mode 100644 tests/slip-bad-direction.pcap
-
-diff --git a/print-sl.c b/print-sl.c
-index 3fd7e898..a02077b3 100644
---- a/print-sl.c
-+++ b/print-sl.c
-@@ -131,8 +131,21 @@ sliplink_print(netdissect_options *ndo,
- 	u_int hlen;
- 
- 	dir = p[SLX_DIR];
--	ND_PRINT((ndo, dir == SLIPDIR_IN ? "I " : "O "));
-+	switch (dir) {
- 
-+	case SLIPDIR_IN:
-+		ND_PRINT((ndo, "I "));
-+		break;
-+
-+	case SLIPDIR_OUT:
-+		ND_PRINT((ndo, "O "));
-+		break;
-+
-+	default:
-+		ND_PRINT((ndo, "Invalid direction %d ", dir));
-+		dir = -1;
-+		break;
-+	}
- 	if (ndo->ndo_nflag) {
- 		/* XXX just dump the header */
- 		register int i;
-@@ -155,13 +168,21 @@ sliplink_print(netdissect_options *ndo,
- 		 * has restored the IP header copy to IPPROTO_TCP.
- 		 */
- 		lastconn = ((const struct ip *)&p[SLX_CHDR])->ip_p;
-+		ND_PRINT((ndo, "utcp %d: ", lastconn));
-+		if (dir == -1) {
-+			/* Direction is bogus, don't use it */
-+			return;
-+		}
- 		hlen = IP_HL(ip);
- 		hlen += TH_OFF((const struct tcphdr *)&((const int *)ip)[hlen]);
- 		lastlen[dir][lastconn] = length - (hlen << 2);
--		ND_PRINT((ndo, "utcp %d: ", lastconn));
- 		break;
- 
- 	default:
-+		if (dir == -1) {
-+			/* Direction is bogus, don't use it */
-+			return;
-+		}
- 		if (p[SLX_CHDR] & TYPE_COMPRESSED_TCP) {
- 			compressed_sl_print(ndo, &p[SLX_CHDR], ip,
- 			    length, dir);
-- 
2.14.1

[bug#28387] [PATCH] gnu: tcpdump: Update to 4.9.2 [security fixes]

[Leo Famulari]

[-- Attachment #1.1: Type: text/plain, Size: 406 bytes --]

This update was supposed to be "embargoed" until September 25. For some
reason, Tcpdump 4.9.2 is already being distributed by other distros.

This patch adds Arch Linux as a source because Tcpdump is still not
distributing 4.9.2 publicly. However, the tarball from Arch is identical
to the one distributed privately by Tcpdump.

I've attached Tcpdump's signature so that you can confirm this for
yourself.

[-- Attachment #1.2: EMBARGOED-tcpdump-4.9.2.tar.gz.sig --]
[-- Type: application/octet-stream, Size: 442 bytes --]

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[bug#28387] [PATCH] gnu: tcpdump: Update to 4.9.2 [security fixes].

[Leo Famulari]

I messed up the last patch (missing the additional source URL).

Fixes CVE-2017-{12893,12894,12895,12896,12897,12898,12899,12900,12901,12902,
12985,12986,12987,12988,12989,12990,12991,12992,12993,12994,12995,12996,12997,
12998,12999,13000,13001,13002,13003,13004,13005,13006,13007,13008,13009,13010,
13012,13013,13014,13015,13016,13017,13018,13019,13020,13021,13022,13023,13024,
13025,13026,13027,13028,13029,13030,13031,13032,13033,13034,13035,13036,13037,
13038,13039,13040,13041,13042,13043,13044,13045,13046,13047,13048,13049,13050,
13051,13052,13053,13054,13055,13687,13688,13689,13690,13725}.

* gnu/packages/admin.scm (tcpdump): Update to 4.9.2.
[source]: Remove patches.
* gnu/packages/patches/tcpdump-CVE-2017-11541.patch,
gnu/packages/patches/tcpdump-CVE-2017-11542.patch,
gnu/packages/patches/tcpdump-CVE-2017-11543.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
 gnu/local.mk                                      |  3 -
 gnu/packages/admin.scm                            | 14 ++--
 gnu/packages/patches/tcpdump-CVE-2017-11541.patch | 47 --------------
 gnu/packages/patches/tcpdump-CVE-2017-11542.patch | 37 -----------
 gnu/packages/patches/tcpdump-CVE-2017-11543.patch | 79 -----------------------
 5 files changed, 7 insertions(+), 173 deletions(-)
 delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11541.patch
 delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11542.patch
 delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11543.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 9df17110b..2f8551076 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1034,9 +1034,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/tar-skip-unreliable-tests.patch		\
   %D%/packages/patches/tcl-mkindex-deterministic.patch		\
   %D%/packages/patches/tclxml-3.2-install.patch			\
-  %D%/packages/patches/tcpdump-CVE-2017-11541.patch		\
-  %D%/packages/patches/tcpdump-CVE-2017-11542.patch		\
-  %D%/packages/patches/tcpdump-CVE-2017-11543.patch		\
   %D%/packages/patches/tcsh-fix-autotest.patch			\
   %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch	\
   %D%/packages/patches/teensy-loader-cli-help.patch		\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index f047bcaef..08dcdd68d 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -661,17 +661,17 @@ network statistics collection, security monitoring, network debugging, etc.")
 (define-public tcpdump
   (package
     (name "tcpdump")
-    (version "4.9.1")
+    (version "4.9.2")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://www.tcpdump.org/release/tcpdump-"
-                                  version ".tar.gz"))
-              (patches (search-patches "tcpdump-CVE-2017-11541.patch"
-                                       "tcpdump-CVE-2017-11542.patch"
-                                       "tcpdump-CVE-2017-11543.patch"))
+              (uri (list (string-append "http://www.tcpdump.org/release/tcpdump-"
+                                        version ".tar.gz")
+                         (string-append "https://sources.archlinux.org/other/"
+                                        "packages/tcpdump/tcpdump-" version
+                                        ".tar.gz")))
               (sha256
                (base32
-                "1wyqbg7bkmgqyslf1ns0xx9fcqi66hvcfm9nf77rl15jvvs8qi7r"))))
+                "0ygy0layzqaj838r5xd613iraz09wlfgpyh7pc6cwclql8v3b2vr"))))
     (build-system gnu-build-system)
     (inputs `(("libpcap" ,libpcap)
               ("openssl" ,openssl)))
diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch b/gnu/packages/patches/tcpdump-CVE-2017-11541.patch
deleted file mode 100644
index a9fc632dc..000000000
--- a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Fix CVE-2017-11541
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
-
-Patch copied from upstream source repository:
-
-https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
-
-From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Tue, 7 Feb 2017 11:40:36 -0800
-Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before
- checking for a NUL terminator.
-
-safeputs() doesn't do packet bounds checking of its own; it assumes that
-the caller has checked the availability in the packet data of all maxlen
-bytes of data.  This means we should check that we're within the
-specified limit before looking at the byte.
-
-This fixes a buffer over-read discovered by Kamil Frankowicz.
-
-Add a test using the capture file supplied by the reporter(s).
----
- tests/TESTLIST            |   1 +
- tests/hoobr_safeputs.out  |   2 ++
- tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes
- util-print.c              |   2 +-
- 4 files changed, 4 insertions(+), 1 deletion(-)
- create mode 100644 tests/hoobr_safeputs.out
- create mode 100644 tests/hoobr_safeputs.pcap
-
-diff --git a/util-print.c b/util-print.c
-index 394e7d59..ec3e8de8 100644
---- a/util-print.c
-+++ b/util-print.c
-@@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo,
- {
- 	u_int idx = 0;
- 
--	while (*s && idx < maxlen) {
-+	while (idx < maxlen && *s) {
- 		safeputchar(ndo, *s);
- 		idx++;
- 		s++;
--- 
-2.14.1
-
diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch b/gnu/packages/patches/tcpdump-CVE-2017-11542.patch
deleted file mode 100644
index 24849d518..000000000
--- a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2017-11542:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542
-
-Patch copied from upstream source repository:
-
-https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
-
-From bed48062a64fca524156d7684af19f5b4a116fae Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Tue, 7 Feb 2017 11:10:04 -0800
-Subject: [PATCH] CVE-2017-11542/PIMv1: Add a bounds check.
-
-This fixes a buffer over-read discovered by Kamil Frankowicz.
-
-Add a test using the capture file supplied by the reporter(s).
----
- print-pim.c            |   1 +
- tests/TESTLIST         |   1 +
- tests/hoobr_pimv1.out  |  25 +++++++++++++++++++++++++
- tests/hoobr_pimv1.pcap | Bin 0 -> 3321 bytes
- 4 files changed, 27 insertions(+)
- create mode 100644 tests/hoobr_pimv1.out
- create mode 100644 tests/hoobr_pimv1.pcap
-
-diff --git a/print-pim.c b/print-pim.c
-index 25525953..ed880ae7 100644
---- a/print-pim.c
-+++ b/print-pim.c
-@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo,
- 			pimv1_join_prune_print(ndo, &bp[8], len - 8);
- 		break;
- 	}
-+	ND_TCHECK(bp[4]);
- 	if ((bp[4] >> 4) != 1)
- 		ND_PRINT((ndo, " [v%d]", bp[4] >> 4));
- 	return;
diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch b/gnu/packages/patches/tcpdump-CVE-2017-11543.patch
deleted file mode 100644
index c97350398..000000000
--- a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-Fix CVE-2017-11543:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543
-
-Patch copied from upstream source repository:
-
-https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3
-
-From 7039327875525278d17edee59720e29a3e76b7b3 Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Fri, 17 Mar 2017 12:49:04 -0700
-Subject: [PATCH] CVE-2017-11543/Make sure the SLIP direction octet is valid.
-
-Report if it's not, and don't use it as an out-of-bounds index into an
-array.
-
-This fixes a buffer overflow discovered by Wilfried Kirsch.
-
-Add a test using the capture file supplied by the reporter(s), modified
-so the capture file won't be rejected as an invalid capture.
----
- print-sl.c                    |  25 +++++++++++++++++++++++--
- tests/TESTLIST                |   3 +++
- tests/slip-bad-direction.out  |   1 +
- tests/slip-bad-direction.pcap | Bin 0 -> 79 bytes
- 4 files changed, 27 insertions(+), 2 deletions(-)
- create mode 100644 tests/slip-bad-direction.out
- create mode 100644 tests/slip-bad-direction.pcap
-
-diff --git a/print-sl.c b/print-sl.c
-index 3fd7e898..a02077b3 100644
---- a/print-sl.c
-+++ b/print-sl.c
-@@ -131,8 +131,21 @@ sliplink_print(netdissect_options *ndo,
- 	u_int hlen;
- 
- 	dir = p[SLX_DIR];
--	ND_PRINT((ndo, dir == SLIPDIR_IN ? "I " : "O "));
-+	switch (dir) {
- 
-+	case SLIPDIR_IN:
-+		ND_PRINT((ndo, "I "));
-+		break;
-+
-+	case SLIPDIR_OUT:
-+		ND_PRINT((ndo, "O "));
-+		break;
-+
-+	default:
-+		ND_PRINT((ndo, "Invalid direction %d ", dir));
-+		dir = -1;
-+		break;
-+	}
- 	if (ndo->ndo_nflag) {
- 		/* XXX just dump the header */
- 		register int i;
-@@ -155,13 +168,21 @@ sliplink_print(netdissect_options *ndo,
- 		 * has restored the IP header copy to IPPROTO_TCP.
- 		 */
- 		lastconn = ((const struct ip *)&p[SLX_CHDR])->ip_p;
-+		ND_PRINT((ndo, "utcp %d: ", lastconn));
-+		if (dir == -1) {
-+			/* Direction is bogus, don't use it */
-+			return;
-+		}
- 		hlen = IP_HL(ip);
- 		hlen += TH_OFF((const struct tcphdr *)&((const int *)ip)[hlen]);
- 		lastlen[dir][lastconn] = length - (hlen << 2);
--		ND_PRINT((ndo, "utcp %d: ", lastconn));
- 		break;
- 
- 	default:
-+		if (dir == -1) {
-+			/* Direction is bogus, don't use it */
-+			return;
-+		}
- 		if (p[SLX_CHDR] & TYPE_COMPRESSED_TCP) {
- 			compressed_sl_print(ndo, &p[SLX_CHDR], ip,
- 			    length, dir);
-- 
2.14.1

bug#28387: [PATCH] gnu: tcpdump: Update to 4.9.2 [security fixes].

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 1061 bytes --]

On Thu, Sep 07, 2017 at 04:02:47PM -0400, Leo Famulari wrote:
> I messed up the last patch (missing the additional source URL).
> 
> Fixes CVE-2017-{12893,12894,12895,12896,12897,12898,12899,12900,12901,12902,
> 12985,12986,12987,12988,12989,12990,12991,12992,12993,12994,12995,12996,12997,
> 12998,12999,13000,13001,13002,13003,13004,13005,13006,13007,13008,13009,13010,
> 13012,13013,13014,13015,13016,13017,13018,13019,13020,13021,13022,13023,13024,
> 13025,13026,13027,13028,13029,13030,13031,13032,13033,13034,13035,13036,13037,
> 13038,13039,13040,13041,13042,13043,13044,13045,13046,13047,13048,13049,13050,
> 13051,13052,13053,13054,13055,13687,13688,13689,13690,13725}.
> 
> * gnu/packages/admin.scm (tcpdump): Update to 4.9.2.
> [source]: Remove patches.
> * gnu/packages/patches/tcpdump-CVE-2017-11541.patch,
> gnu/packages/patches/tcpdump-CVE-2017-11542.patch,
> gnu/packages/patches/tcpdump-CVE-2017-11543.patch: Delete files.
> * gnu/local.mk (dist_patch_DATA): Remove them.

Pushed as 81635ad03ecb3a51b5248db65919621bde9039f4.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[bug#28387] [PATCH] gnu: tcpdump: Update to 4.9.2 [security fixes].

[Ludovic Courtès]

Leo Famulari <leo@famulari.name> skribis:

> On Thu, Sep 07, 2017 at 04:02:47PM -0400, Leo Famulari wrote:
>> I messed up the last patch (missing the additional source URL).
>> 
>> Fixes CVE-2017-{12893,12894,12895,12896,12897,12898,12899,12900,12901,12902,
>> 12985,12986,12987,12988,12989,12990,12991,12992,12993,12994,12995,12996,12997,
>> 12998,12999,13000,13001,13002,13003,13004,13005,13006,13007,13008,13009,13010,
>> 13012,13013,13014,13015,13016,13017,13018,13019,13020,13021,13022,13023,13024,
>> 13025,13026,13027,13028,13029,13030,13031,13032,13033,13034,13035,13036,13037,
>> 13038,13039,13040,13041,13042,13043,13044,13045,13046,13047,13048,13049,13050,
>> 13051,13052,13053,13054,13055,13687,13688,13689,13690,13725}.
>> 
>> * gnu/packages/admin.scm (tcpdump): Update to 4.9.2.
>> [source]: Remove patches.
>> * gnu/packages/patches/tcpdump-CVE-2017-11541.patch,
>> gnu/packages/patches/tcpdump-CVE-2017-11542.patch,
>> gnu/packages/patches/tcpdump-CVE-2017-11543.patch: Delete files.
>> * gnu/local.mk (dist_patch_DATA): Remove them.
>
> Pushed as 81635ad03ecb3a51b5248db65919621bde9039f4.

Great work, thank you!

Ludo’.